From 550f7878bf509cc825726e6d95506e62857d48c9 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
Date: Mon, 26 Oct 2020 23:48:36 +0100
Subject: tested certificate chain code path further

Added more documentation and quick helper scripts for now.  We need to
specify which signature schemes we expect/support from submitters.
---
 server/testdata/entry/README.md                   |  21 ++++++++++
 server/testdata/entry/main.go                     |  46 ++++++++++++++++++++++
 server/testdata/entry/stitem/foobar-0.0.1         | Bin 0 -> 48 bytes
 server/testdata/entry/stitem/foobar-0.0.1.b64     |   1 +
 server/testdata/entry/stitem/foobar-0.0.1.sig     |   3 ++
 server/testdata/entry/stitem/foobar-0.0.1.sig.b64 |   1 +
 6 files changed, 72 insertions(+)
 create mode 100644 server/testdata/entry/README.md
 create mode 100644 server/testdata/entry/main.go
 create mode 100644 server/testdata/entry/stitem/foobar-0.0.1
 create mode 100644 server/testdata/entry/stitem/foobar-0.0.1.b64
 create mode 100644 server/testdata/entry/stitem/foobar-0.0.1.sig
 create mode 100644 server/testdata/entry/stitem/foobar-0.0.1.sig.b64

(limited to 'server/testdata/entry')

diff --git a/server/testdata/entry/README.md b/server/testdata/entry/README.md
new file mode 100644
index 0000000..0d26ca3
--- /dev/null
+++ b/server/testdata/entry/README.md
@@ -0,0 +1,21 @@
+# Create `item` and `signature` for the add-entry endpoint
+
+## Create a serialized `checksum_v1` entry
+The following creates a serialized `checksum_v1` StItem, such that the package
+name is `foobar-0.0.1` and the checksum `SHA256(foobar-0.0.1)`.  The result is
+stored in the `stitem` directory as `foobar-0.0.1`.
+```
+$ go run . --logtostderr --name foobar-0.0.1 --dir stitem 
+```
+
+## Sign the generated file using an end-entity certificate
+Let's use our ECDSA end-entity certificate using SHA256 as the hash function.
+```
+$ openssl dgst -sha256 -sign "../chain/rgdd-ecdsa.key" -out stitem/foobar-0.0.1.sig stitem/foobar-0.0.1
+```
+
+## Encode the resulting StItem and its signature as base-64
+```
+$ openssl base64 -A -in stitem/foobar-0.0.1 -out stitem/foobar-0.0.1.b64
+$ openssl base64 -A -in stitem/foobar-0.0.1.sig -out stitem/foobar-0.0.1.sig.b64
+```
diff --git a/server/testdata/entry/main.go b/server/testdata/entry/main.go
new file mode 100644
index 0000000..a849c50
--- /dev/null
+++ b/server/testdata/entry/main.go
@@ -0,0 +1,46 @@
+package main
+
+import (
+	"flag"
+	"os"
+
+	"crypto/sha256"
+	"io/ioutil"
+
+	"github.com/golang/glog"
+	"github.com/google/certificate-transparency-go/tls"
+	"github.com/system-transparency/stfe"
+)
+
+var (
+	name = flag.String("name", "foobar-1.2.3", "a package identifier")
+	dir  = flag.String("dir", "stitem", "directory path where output is stored")
+)
+
+func main() {
+	flag.Parse()
+
+	// Use H(name) as a dummy checksum
+	hasher := sha256.New()
+	hasher.Write([]byte(*name))
+	checksum := hasher.Sum(nil)
+
+	// Create and serialize an StItem of type checksum_v1
+	item := stfe.NewChecksumV1([]byte(*name), checksum)
+	serialized, err := tls.Marshal(item)
+	if err != nil {
+		glog.Fatalf("tls marshal failed: %v", err)
+	}
+
+	// Store the serialized item in *dir/name
+	if err := os.MkdirAll(*dir, 0755); err != nil {
+		glog.Fatalf("creating directory %s failed: %v", *dir, err)
+	}
+	path := *dir + "/" + *name
+	if err := ioutil.WriteFile(path, serialized, 0644); err != nil {
+		glog.Fatalf("writing to %s failed: %v", path, err)
+	}
+
+	glog.Infof("Created serialized checksum_v1 StItem: %s", path)
+	glog.Flush()
+}
diff --git a/server/testdata/entry/stitem/foobar-0.0.1 b/server/testdata/entry/stitem/foobar-0.0.1
new file mode 100644
index 0000000..c667a36
Binary files /dev/null and b/server/testdata/entry/stitem/foobar-0.0.1 differ
diff --git a/server/testdata/entry/stitem/foobar-0.0.1.b64 b/server/testdata/entry/stitem/foobar-0.0.1.b64
new file mode 100644
index 0000000..be3c14e
--- /dev/null
+++ b/server/testdata/entry/stitem/foobar-0.0.1.b64
@@ -0,0 +1 @@
+AAUMZm9vYmFyLTAuMC4xIHGVn/IR9o8GWqaDg88B65mgmWaY4+5EvQD12+c6/zgQ
\ No newline at end of file
diff --git a/server/testdata/entry/stitem/foobar-0.0.1.sig b/server/testdata/entry/stitem/foobar-0.0.1.sig
new file mode 100644
index 0000000..12062a4
--- /dev/null
+++ b/server/testdata/entry/stitem/foobar-0.0.1.sig
@@ -0,0 +1,3 @@
+K’qx†Œ®±š0||øäŸ:‹šðYånYßëwÚ³ñÓQL1MVýÔøíÊf7	À—¯–h“,”÷‚##ÚPq)Öf‘ÁZÌ<ë6Œ˜èÆJÈÇ—;59—ŒhÅ.ÿ´ä'FLõ‰BWÍ<:qJg·^¨ß(©Å>ŽŽðÛX	i<ÝÃ=èïD]–U.n¤‚£í7õ#ÿÌT¸?îUuÎ–W:BÚÏYÏ'ç‰›*j:Bj]þÈ†EÑ:•í.Å>F¤gá­»ÐÇ°	9=À>º`*¦|³RÇ“‹"{¸›­*™ÕÎ ð«q‘Ñ€ö——š¯Ã›F>•à‰27ÇªfSG²zm¹Á™Ñs`ÆËD=·Ñ‡]ªS%´$.lc_GHŽ’¡XºbÃüsB Žµ!=mL¾Õçgè?e¥öJ—‚t6™±Šc´Ã[áØø’þÎ§¿Dò7ã¦ýúšn±²E d»ÀlRz¤ö‚VŒ÷Ö”Ÿÿ^­9Ã¯Îal%‚žü8H’e
+Éx&þL
+}-áÇÔ~‰,Îäå™Ö?Mzí€}žžóèºéNäi^Ë«,û‚0öÌ)Š“pzÑ"‚w ‘ÇüpÀ­¿'‚"€!Z.±xCc`ôõâÚ]EäÊàùþçb
\ No newline at end of file
diff --git a/server/testdata/entry/stitem/foobar-0.0.1.sig.b64 b/server/testdata/entry/stitem/foobar-0.0.1.sig.b64
new file mode 100644
index 0000000..d31c0d3
--- /dev/null
+++ b/server/testdata/entry/stitem/foobar-0.0.1.sig.b64
@@ -0,0 +1 @@
+A0uScXiGF4yusRyaMHx8+OSfOoua8Fnlblnf63fas/HTUUwxkE1W/Q0E1PjtymY3CcCXGK+WaJMslPeCIyPaUHEBnSnWZpHBGFrMCDzrNpCMmOjGGUrIx5c7CDU5l4xoxS4S/7Qa5CdGTPUQFYlCV80dPDpxSme3Xg6o3yipxT6OjhTw21gJaTzdA8ONPejvRBVdlgNVLgt/bqSCo+039SP/zFQOuD/uVXXOlp1XOkLaz1nPJ+eJmwwqagY6Qmpd/siNhkXROpXtLsU+RqSPZ+Gtu9AIB8ewCTk9wD66YCqmfLNSDceTiwIie7gUm60qmdXOoPCrFHGR0QQPD4D2l5eaHK/Dm0Y+F5UC4IkyN8cfqmYaU0eyem25wZnRc2DGy0Q9t9GHXapTJbQkLgVsY19HSJCOFpIfoVi6BmIWB8P8c0KgjrUWIT1tTL7V52cD6D9lpfZKl4J0NpmximO0w1vhkNj4kv7Op79E8jfjpv36mhdusbJFoGS7wGwIUnqk9oJWjPfWlJ//Xq05wwGvzmFsJYKe/DhIDJIXZQrJeCb+TAp9LeHH1H4ZiSzO5H/lmdY/TXod7YB9np7z6LrpTuRpXsurLPuCMPbMASmKkxlwetEigncgkQTH/ARwwK2/HieCIoAhWgEunbF4Q2NgC/T1DOLaXRNFF+TK4Pn+52I=
\ No newline at end of file
-- 
cgit v1.2.3